From 1e1cd7ce0aa362a0a2a20a764145035be911673d Mon Sep 17 00:00:00 2001
From: Tom Smeding
Date: Sat, 27 Feb 2021 17:39:46 +0100
Subject: server: Restrict is_online to only query users you know about
---
 db.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
(limited to 'db.c')
diff --git a/db.c b/db.c
index a349b44..e2dd6f1 100644
--- a/db.c
+++ b/db.c
@@ -453,6 +453,24 @@ bool db_delete_token(i64 userid,const char *token){
 return success;
 }
+bool db_user_knows_user(i64 userid1, i64 userid2) {
+ assert(userid1 != -1 && userid2 != -1);
+ static sqlite3_stmt *stmt = NULL;
+ if (!stmt) {
+ SQLITE(prepare_v2, database,
+ "select count(*) > 0 "
+ "from Members as A, Members as B "
+ "where A.room = B.room and A.user = ? and B.user = ?"
+ ,-1, &stmt, NULL);
+ }
+ SQLITE(bind_int64, stmt, 1, userid1);
+ SQLITE(bind_int64, stmt, 2, userid2);
+ assert(sqlite3_step(stmt) == SQLITE_ROW);
+ bool found = sqlite3_column_int(stmt, 0) == 1;
+ reset_stmt(stmt);
+ return found;
+}
+
 i64 db_create_message(i64 roomid,i64 userid,i64 timestamp,i64 replyid,const char *message){
 static sqlite3_stmt *stmt = NULL;
--
cgit v1.2.3-70-g09d2
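Review bot: `assert(sqlite3_step(stmt) == SQLITE_ROW);` in db_user_knows_user puts the statement step inside an assertion, so a build with NDEBUG never runs the query and `found` is read from a statement that was not stepped, while in a normal build any transient step failure (for example a busy database) aborts the whole server. Since the commit subject makes this function the access check for is_online, I would step unconditionally and fail closed: `int rc = sqlite3_step(stmt);` followed by `bool found = rc == SQLITE_ROW && sqlite3_column_int(stmt, 0) == 1;`. The leading `assert(userid1 != -1 && userid2 != -1);` deserves the same look if either id can come from a failed lookup of a client-supplied name, which the hunk does not show; returning false there would avoid an abort that a client could trigger. A short comment stating that "knows" means "shares at least one room" (so a user who is in no room does not know even themselves) would also help callers.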